feat(profile): general update.

2024-10-14 19:32:48 +01:00 · 2024-10-14 19:32:48 +01:00 · 185dc96d45
commit 185dc96d45
parent 48751f75b2
48 changed files with 165 additions and 120 deletions
--- a/apparmor.d/groups/freedesktop/update-desktop-database
+++ b/apparmor.d/groups/freedesktop/update-desktop-database
@ -10,6 +10,7 @@ include <tunables/global>
@{exec_path} = @{bin}/update-desktop-database
 profile update-desktop-database @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
+  include <abstractions/attached/consoles>
  include <abstractions/consoles>
  include <abstractions/freedesktop.org>

--- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome
+++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome
@ -48,6 +48,7 @@ profile xdg-desktop-portal-gnome @{exec_path} flags=(attach_disconnected) {

  owner @{desktop_cache_dirs}/dconf/user r,
  owner @{desktop_cache_dirs}/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} rw,
+  owner @{desktop_config_dirs}/dconf/user r,
  owner @{DESKTOP_HOME}/greeter-dconf-defaults r,

  owner @{HOME}/ r,
--- a/apparmor.d/groups/freedesktop/xdg-document-portal
+++ b/apparmor.d/groups/freedesktop/xdg-document-portal
@ -57,7 +57,7 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) {
  owner @{PROC}/@{pid}/cgroup r,
  owner @{PROC}/@{pid}/fd/ r,

-        /dev/fuse rw,
+  /dev/fuse rw,

  profile fusermount flags=(attach_disconnected) {
    include <abstractions/base>
--- a/apparmor.d/groups/freedesktop/xdg-open
+++ b/apparmor.d/groups/freedesktop/xdg-open
@ -35,6 +35,8 @@ profile xdg-open @{exec_path} flags=(attach_disconnected) {
  @{bin}/xdg-mime             Px,
  @{open_path}                Px -> child-open-any,

+  @{PROC}/version r,
+
  profile bus {
    include <abstractions/base>
    include <abstractions/app/bus>
--- a/apparmor.d/groups/freedesktop/xkbcomp
+++ b/apparmor.d/groups/freedesktop/xkbcomp
@ -11,6 +11,7 @@ include <tunables/global>
 profile xkbcomp @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/attached/consoles>
+  include <abstractions/consoles>
  include <abstractions/mesa>
  include <abstractions/X-strict>

@ -29,6 +30,7 @@ profile xkbcomp @{exec_path} flags=(attach_disconnected) {
  owner @{user_share_dirs}/xorg/Xorg.@{int}.log w,

        /var/lib/{gdm{3,},sddm}/.local/share/xorg/Xorg.@{int}.log w,
+        /var/log/Xorg.@{int}.log w,
  owner /var/log/lightdm/x-@{int}.log w,

  owner @{run}/user/@{uid}/server-@{int}.xkm rwk,
@ -38,9 +40,7 @@ profile xkbcomp @{exec_path} flags=(attach_disconnected) {
  /dev/dri/card@{int} rw,
  /dev/fb@{int} rw,
  /dev/tty rw,
-
-  deny /dev/input/event@{int} rw,
-  deny /var/log/Xorg.@{int}.log w,
+  /dev/input/event@{int} rw,

  include if exists <local/xkbcomp>
 }
--- a/apparmor.d/groups/freedesktop/xorg
+++ b/apparmor.d/groups/freedesktop/xorg
@ -134,6 +134,7 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
  /dev/shm/shmfd-* rw,
  /dev/tty rw,
  /dev/tty@{int} rw,
+  /dev/udmabuf rw,
  /dev/vga_arbiter rw,  # Graphic card modules

  profile pkexec {